More Ambrosia (Cloud) With a Little Policy Thrown In Too

Yes there is still more ambrosia, err cloud, to consider. I will keep this one brief. My colleague, Patrick Ryan, was a scholar in residence and now an Adjunct Professor in the Interdisciplinary Telecommunications Program at CU Boulder. He also works with me on Google’s policy team. Ronak Merchant, Sarah Falvey, and Patrick have a piece about cloud policy called Regulation of the Cloud in India in the Journal of Internet Law. The paper goes into some telecomm history, looks at some business cases for the cloud, and makes some policy claims:

Because computation in the cloud is no different from use of the Internet itself, it is not readily feasible or practical to cage and confine data flows within the cloud in a way that is substantially different from the flow of worldwide information generally.

For this reason, regulatory frameworks should not be sui generis or custom tailored for the cloud and, instead, should leverage or update existing laws that are already in place. This article proposes a regulatory model for the cloud and shows how this model can be applied to India.

What is that proposal? Read the paper to find out! (Seriously, the history stuff was worth the read alone for me). Hint: Although somewhat India specific, the basic idea is that many regulations are already in place and so proposed new ones should be careful for “In the second largest democracy in the world, it is imperative that the free flow of information be preserved.”

Share

Deven Desai

Deven Desai is an associate professor of law and ethics at the Scheller College of Business, Georgia Institute of Technology. He was also the first, and to date, only Academic Research Counsel at Google, Inc., and a Visiting Fellow at Princeton University’s Center for Information Technology Policy. He is a graduate of U.C. Berkeley and the Yale Law School.
Professor Desai’s scholarship examines how business interests, new technology, and economic theories shape privacy and intellectual property law and where those arguments explain productivity or where they fail to capture society’s interest in the free flow of information and development. His work has appeared in leading law reviews and journals including the Georgetown Law Journal, Minnesota Law Review, Notre Dame Law Review, Wisconsin Law Review, and U.C. Davis Law Review.

2 Responses

Even assuming that “computation in the cloud is no different from use of the Internet itself” isn’t a false statement, it’s a red herring. For context, see this passage from the recommended paper (@9):

Companies such as Google offer a broad base of business productivity tools and office-software replacements in the cloud. Google Apps, for example, is an enterprise-ready suite of applications that includes Gmail, Google Calendar (shared calendaring), Google Docs and Spreadsheets (online document hosting and collaboration), Google Sites (team site creation and publishing), and Google Video (easy, secure sharing of video content). These Web-based services can be securely accessed from any browser, work on mobile devices such as BlackBerry and iPhone, and integrate with other popular email systems such as Microsoft Outlook, Apple Mail, and more.

If I have a word processing program locally on my computer, then for one thing I can use it even though I’m not connected to the Internet. (This is, indeed, a frequent mode of working for me.) That is much more private than if I’m working in the cloud, where someone can potentially see my every keystroke. The assertion of “secure access” by Google or another service provider (most likely subject to arcane TOUs that can change unilaterally without notice) isn’t equivalent to the ability to work with WiFi tuned off and LAN cables unplugged. For another, no one is able to direct advertisements to me or have other monetizing opportunities based on what I’m writing. A more pertinent focus than comparing “computation” in the cloud to use of the Internet is comparing use of cloud-based services to use of local software.

Another, and even smellier, red herring: the democracy discourse. There isn’t any democracy of any size — I hope — in which the flow of information is absolutely free. Privacy must always be a concern. And the free flow of advertising to every man, woman and child is not necessarily desirable. Yet that is exactly the business model of some of those who would be providers of “a broad base of business productivity tools and office-software replacements in the cloud.” One should suspect that the plea against regulation has much more to do with commerce than with democracy.

I find myself completely in agreement with AJ here, and in fact deeply troubled by the paper. It cursorily dismisses the benefits of new regulation and bluntly evokes “costs” that it does little to quantify or document. Sure, India may maintain an edge in outsourcing by doing very little to regulate data flow, but so too might a desperate LDC get more manufacturing located in it by despoiling its environment. If I were designing a national information strategy, I’d want to be known as a leader in privacy, not an also-ran in a race to the bottom.

When I read the comments filed by covered entities or business associates in response to HHS rulemaking on audit trail requirements post-HITECH, I’m not surprised to see that kind of one-sidedness. I expect more from an academic journal.

Finally, and most importantly, I hope all can agree that in democratic societies, people deserve to know who paid for communications. Ellen Goodman gave an account of the many reasons for this norm in her work on stealth marketing.